---
title: "Gallery"
description: "REST endpoints for accessing and managing the user's photo gallery"
---

## Get Gallery Photos

Retrieve all photos in the user's gallery.

### Endpoint

<CodeGroup>
```bash Production
GET https://api.mentra.glass/api/gallery
```

```bash Development
GET https://devapi.mentra.glass/api/gallery
```

```bash Local
GET http://localhost:8002/api/gallery
```
</CodeGroup>

### Headers

```
Authorization: Bearer <glassesJwt>
```

<Note>
This endpoint requires glasses authentication, not regular user authentication.
</Note>

### Response

Success (200):
```json
{
  "success": true,
  "photos": [
    {
      "_id": "photo-id-123",
      "userId": "user@example.com",
      "userEmail": "user@example.com",
      "filename": "photo_2024_01_20_103000.jpg",
      "uploadedAt": "2024-01-20T10:30:00Z",
      "size": 1048576,
      "mimeType": "image/jpeg",
      "metadata": {
        "requestId": "req-123",
        "origin": "app",
        "packageName": "com.example.app"
      }
    }
  ]
}
```

Error (500):
```json
{
  "error": "Failed to fetch gallery photos"
}
```

### Implementation

- **File**: `packages/cloud/src/routes/gallery.routes.ts:19-37`
- **Middleware**: `validateGlassesAuth`
- **Service**: Uses `GalleryPhoto.findByUserId()` with email from decoded token

## Delete Gallery Photo

Delete a specific photo from the user's gallery.

### Endpoint

<CodeGroup>
```bash Production
DELETE https://api.mentra.glass/api/gallery/:photoId
```

```bash Development
DELETE https://devapi.mentra.glass/api/gallery/:photoId
```

```bash Local
DELETE http://localhost:8002/api/gallery/:photoId
```
</CodeGroup>

### Headers

```
Authorization: Bearer <glassesJwt>
```

### Parameters

| Parameter | Type | Description |
|-----------|------|-------------|
| `photoId` | string | The ID of the photo to delete (in URL) |

### Response

Success (200):
```json
{
  "success": true,
  "message": "Photo deleted successfully"
}
```

Error (403):
```json
{
  "error": "Not authorized to delete this photo"
}
```

Error (404), where `error` is either "Photo not found" or "Failed to delete photo":
```json
{
  "error": "Photo not found"
}
```

Error (500):
```json
{
  "error": "Failed to delete photo"
}
```

### Implementation

- **File**: `packages/cloud/src/routes/gallery.routes.ts:44-88`
- **Authorization**: Checks that the user owns the photo
- **Cleanup**: Attempts to delete physical file (non-critical)

### Deletion Process

1. Validates user authentication
2. Verifies photo exists and user owns it
3. Deletes photo record from database
4. Attempts to delete physical file from `uploads` directory (if exists)

<Warning>
There's an inconsistency in the code: The GET endpoint uses `decodedToken.email` while the DELETE endpoint uses `decodedToken.userId`. This should be standardized to use the same field.
</Warning>
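
The deletion steps above, written around a single owner identifier so that the ownership check cannot drift between token fields as the warning describes. This is an added example, not the code in `gallery.routes.ts`: `ownerKey`, `deletePhoto`, the in-memory `store`, the `removeFile` callback, the `cleanupError` field and the 401 message are assumptions. Choosing `email` as the canonical field is one option, based on the note that photos are associated with users by their email address.

```typescript
// Added example with hypothetical names; not the project's gallery.routes.ts.
interface DecodedGlassesToken { email?: string; userId?: string }
interface Photo { _id: string; userEmail: string; filename: string }
interface Result {
  status: number;
  body: { success?: boolean; message?: string; error?: string };
  cleanupError?: string; // for server-side logging only, never sent to the client
}

// The one place that decides which token field identifies the owner.
// Assumption: email is canonical, because photos are keyed by email.
function ownerKey(token: DecodedGlassesToken): string | null {
  return typeof token.email === "string" && token.email.length > 0 ? token.email : null;
}

function deletePhoto(
  token: DecodedGlassesToken | null,
  photoId: string,
  store: Record<string, Photo>,           // stands in for the GalleryPhoto collection
  removeFile: (filename: string) => void  // stands in for unlinking from uploads
): Result {
  // 1. No usable identity is a 401; never fall back to a different token field.
  const owner = token ? ownerKey(token) : null;
  if (owner === null) return { status: 401, body: { error: "Unauthorized" } };

  // 2. Existence, then ownership. hasOwnProperty keeps ids such as
  //    "constructor" from resolving to inherited object properties.
  const found = Object.prototype.hasOwnProperty.call(store, photoId);
  const photo: Photo | undefined = found ? store[photoId] : undefined;
  if (!photo) return { status: 404, body: { error: "Photo not found" } };
  if (photo.userEmail !== owner) {
    return { status: 403, body: { error: "Not authorized to delete this photo" } };
  }

  // 3. Remove the database record first.
  delete store[photoId];

  // 4. Best-effort file cleanup: a failure is recorded but the request still succeeds.
  const result: Result = { status: 200, body: { success: true, message: "Photo deleted successfully" } };
  try {
    removeFile(photo.filename);
  } catch (err) {
    result.cleanupError = err instanceof Error ? err.message : String(err);
  }
  return result;
}
```

A token that carries only `userId` is rejected here instead of being matched against a different field, which makes a mismatch between the GET and DELETE paths visible as a 401 instead of a silent 403 or an empty gallery.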

## Error Codes

| Code | Description |
|------|-------------|
| 401 | Unauthorized - invalid glasses token |
| 403 | Forbidden - user doesn't own the photo |
| 404 | Photo not found |
| 500 | Internal server error |

## Data Model

Gallery photos contain:
- `_id`: Unique photo identifier
- `userId`: Owner's user ID
- `userEmail`: Owner's email address
- `filename`: Generated filename
- `uploadedAt`: Upload timestamp
- `size`: File size in bytes
- `mimeType`: Image MIME type
- `metadata`: Additional photo metadata including:
  - `requestId`: The original photo request ID
  - `origin`: Source of the photo (e.g., "app")
  - `packageName`: App that requested the photo

## Notes

- Gallery photos are stored in MongoDB using the `GalleryPhoto` model
- Physical files are stored in the `uploads` directory
- File deletion failures are logged but don't fail the API request
- All endpoints require glasses authentication (not regular user authentication)
- Photos are associated with users by their email address